Kernel Mode Debugging – Scenario 2: Find the module responsible for a crash




```
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File
Kernel Complete Dump File: Full address space is available
Symbol search path is: SRV*C:\symsrv*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 2000 Kernel Version 2195 (Service Pack 3) UP Free x86 compatible
Product: WinNt
Machine Name:
Kernel base = 0x80400000 PsLoadedModuleList = 0x8046d9f0
Debug session time: Thu Mar 20 09:47:36.323 2003 (GMT-8)
System Uptime: 0 days 0:03:16.983
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*******************************************************************************
*                        Bugcheck Analysis                                    *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 9F, {2, 81442d30, 814a32d0, 0}
Probably caused by : ntoskrnl.exe ( nt!PopWaitForSystemPowerIrp+2cd )
Followup: MachineOwner
kd> !analyze -v
*******************************************************************************
*                        Bugcheck Analysis                                    *
*******************************************************************************
DRIVER_POWER_STATE_FAILURE (9f)
A driver is causing an inconsistent power state.
Arguments:
Arg1: 00000002, The device object completed the irp for the system power
 state request, but failed to call PoStartNextPowerIrp
Arg2: 81442d30, Optional Target device's DEVICE_OBJECT
Arg3: 814a32d0, DeviceObject
Arg4: 00000000, Optional DriverObject
Debugging Details:
DRVPOWERSTATE_SUBCODE:  2
DEVICE_OBJECT: 814a32d0
DEFAULT_BUCKET_ID:  DRIVER_FAULT
BUGCHECK_STR:  0x9F
PROCESS_NAME:  winlogon.exe
LAST_CONTROL_TRANSFER:  from 8048cc8c to 8048d1a4
STACK_TEXT:
f395f3e8 8048cc8c 8122b000 00000001 00000001 nt!PopWaitForSystemPowerIrp+0x2cd
f395f40c 8048c6d5 00000000 f395f4fc f395f580 nt!PopSetDevicesSystemState+0x100
f395f4e8 80465091 00000002 00000005 20000003 nt!NtSetSystemPowerState+0x26b
f395f4e8 80401515 00000002 00000005 20000003 nt!KiSystemService+0xc4
f395f56c 8048c4dd 00000002 00000005 20000003 nt!ZwSetSystemPowerState+0xb
f395f650 80465091 00000002 00000005 20000003 nt!NtSetSystemPowerState+0x70
f395f650 77f9a51e 00000002 00000005 20000003 nt!KiSystemService+0xc4
0006f5a4 010130d7 00000002 00000005 20000003 ntdll!ZwSetSystemPowerState+0xb
0006f5c8 01012f39 000768f0 00010018 0006fd60 winlogon!SleepSystem+0xa7
0006fcdc 77e11d0a 00010018 0000004c 00000004 winlogon!SASWndProc+0x46c
0006fcfc 77e12bcc 0100a02e 00010018 0000004c USER32!UserCallWinProc+0x18
0006fd18 77e50061 003e1180 0000004c 00000004 USER32!DispatchClientMessage+0x4b
0006fd40 77fa02ff 0006fd50 00000028 003e1180 USER32!__fnLOGONNOTIFY+0x2c
0006fd40 80401776 0006fd50 00000028 003e1180 ntdll!KiUserCallbackDispatcher+0x13
f395f924 80430bfa f395f9f4 f395f9ec 00000000 nt!KiCallUserMode+0x4
f395f988 a00eb96f 0000001d f395f9b8 00000028 nt!KeUserModeCallback+0xa6
f395fc28 a005809d a02f1180 0000004c 00000004 win32k!xxxClientMonitorEnumProc+0x58
f395fca0 a0013326 e1bdb2a8 f395fd64 00000000 win32k!xxxReceiveMessage+0x405
f395fcdc a00149e5 f395fd0c 000021ff 00000000 win32k!xxxInternalGetMessage+0x1ce
f395fd48 80465091 0006fdf0 00000000 00000000 win32k!NtUserGetControlColor+0x5e
f395fd48 77e12154 0006fdf0 00000000 00000000 nt!KiSystemService+0xc4
0006fd9c 77e1223e 0006fdf0 00000000 00000000 USER32!NtUserPeekMessage+0xb
0006fdc8 77e26e18 0006fdf0 00000000 00000000 USER32!PeekMessageW+0xba
0006fe10 77e26d62 0004005a 00000000 00000010 USER32!DialogBox2+0xe5
0006fe34 77e26ff3 01000000 01025c10 00000000 USER32!InternalDialogBox+0xd1
0006fe54 77e31c00 01000000 01025c10 00000000 USER32!DialogBoxIndirectParamAorW+0x34
0006fe78 010061cb 01000000 00000578 00000000 USER32!DialogBoxParamW+0x3d
0006feb4 01006146 000768f0 01000000 00000578 winlogon!TimeoutDialogBoxParam+0x27
0006feec 010083c8 000768f0 01000000 00000578 winlogon!WlxDialogBoxParam+0x7b
0006ff0c 01004ce1 000768f0 010084b4 000768f0 winlogon!BlockWaitForUserAction+0x3c
0006ff24 01001a13 000768f0 00000005 00073024 winlogon!MainLoop+0x1bf
0006ff58 010017a2 00071fc8 00000000 00073024 winlogon!WinMain+0x32f
0006fff4 00000000 7ffdf000 000000c8 00000100 winlogon!WinMainCRTStartup+0x156

STACK_COMMAND:  kb
FOLLOWUP_IP:
nt!PopWaitForSystemPowerIrp+2cd
8048d1a4 6a01            push    1
SYMBOL_STACK_INDEX:  0
SYMBOL_NAME:  nt!PopWaitForSystemPowerIrp+2cd
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: nt
IMAGE_NAME:  ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP:  3d366b8b
FAILURE_BUCKET_ID:  0x9F_nt!PopWaitForSystemPowerIrp+2cd
BUCKET_ID:  0x9F_nt!PopWaitForSystemPowerIrp+2cd
Followup: MachineOwner
---------
kd> !devstack 814a32d0
  !DevObj   !DrvObj            !DevExt   ObjectName
  81442d30  \Driver\awlegacy   81442de8  xyzHostLegacyVideo
  81491450  \Driver\AW_HOST    81491508  xyzVideoDevice0
  81491640  \Driver\tgiul50    814916f8  Video1
> 814a32d0  \Driver\PCI        814a3388  NTPNP_PCI0005
!DevNode 814805c8 :
  DeviceInst is "PCI\VEN_1023&DEV_9660&SUBSYS_00000000&REV_D3\2&ebb567f&0&58"
  ServiceName is "tgiul50"
kd> !podev 81442d30
Device object is for:
 xyzHostLegacyVideo  DriverObject 81442030
Current Irp 00000000 RefCount 0 Type 00000022 DevFlags 00000044l
Device queue is not busy.
Device Object Extension: 81442e18:
PowerFlags: 00000500 =>SystemState=0 DeviceState=0 syact dvact
Dope: 00000000:
kd> !podev 81491450
Device object is for:
 xyzVideoDevice0  DriverObject 8149a5f0
Current Irp 00000000 RefCount 0 Type 00000022 AttachedDev 81442d30 DevFlags 00002044l  DO_POWER_PAGABLE
Device queue is not busy.
Device Object Extension: 814915d0:
PowerFlags: 00000000 =>SystemState=0 DeviceState=0
Dope: 00000000:
kd> !podev 81491640
Device object is for:
 Video1  DriverObject 81491030
Current Irp 00000000 RefCount 1 Type 00000023 AttachedDev 81491450 DevFlags 0000204cl  DO_POWER_PAGABLE
Device queue is not busy.
Device Object Extension: 81491fc8:
PowerFlags: 00000010 =>SystemState=0 DeviceState=1
Dope: 00000000:
kd> !podev 814a32d0
Device object is for:
 NTPNP_PCI0005  DriverObject 81481bd0
Current Irp 00000000 RefCount 0 Type 00000023 AttachedDev 81491640 DevFlags 00001040l
Device queue is not busy.
Device Object Extension: 814a3468:
PowerFlags: 00000000 =>SystemState=0 DeviceState=0
Dope: 00000000:
```
